WHAT IS CLAIMED IS: 

1. A method of administration of private keys for a 
plurality of users for use to encrypt or decrypt items 
transmitted via a network, there being for each user a 
respective set of an ID, user identifying information, 
private key, and public key corresponding to the private 
key, said method comprising: 

receiving via the network a user's ID; 

reading from a storage means data corresponding to the 
user having the received ID, which data comprises the user's 
private key encrypted using a key determined from 
identifying information of the user; and 

sending via the network the encrypted private key, 
whereby the encrypted private key can be received and 
decrypted at the location of the user using the user's 
identifying information. 

2. The method of Claim 1, wherein the user identifying 
information comprises a passphrase entered by the user at 
the user equipment, or biometric information which is 
obtained from the user by suitable measurement or scanning 
at the user equipment. 



3. The method of Claim 1, wherein the data read from said 
storage means further comprises the user's public key, and 
the method further comprises receiving a digital signature 
manifesting the user's approval of a document, which digital 
signature represents a computed hash of the approved 
document encrypted using the user's private key, and 
verifying the received digital signature by decrypting the 
digital signature using the user's public key and comparing 
the result of this decrypting with an independently computed 
hash of the document. 

4. The method of Claim 2, wherein the data read from said 
storage means further comprises the user's public key, and 
the method further comprises receiving a digital signature 
manifesting the user's approval of a document, which digital 
signature represents a computed hash of the approved 
document encrypted using the user's private key, and 
verifying the received digital signature by decrypting the 
digital signature using the user's public key and comparing 
the result of this decrypting with an independently computed 
hash of the document. 

5. A method for obtaining and using a private key at user 
equipment via a network, said method comprising: 

transmitting from the user equipment an ID of a user; 

receiving a private key of the user encrypted with 
a user identifying key associated with the user; and 

decrypting the encrypted private key using a user 
identifying key determined from interaction with the user at 
the user equipment; 

using the decrypted private key; and 

destroying or avoiding making any non-volatile record 
of the private key at the location of the user. 

6. The method of Claim 5, wherein the user identifying key 
determined by interaction with the user at the user 
equipment is determined from a passphrase entered by the 
user at the user equipment or biometric information which is 
obtained from the user by suitable measurement or scanning 
at the user equipment. 

7. A method as claimed in Claim 5, wherein the decrypted 
private key is used by: 

computing a hash of a document to manifest the user's 
approval of the document; 

encrypting the hash using the user's private key; and 
transmitting the encrypted hash. 

8. A method as claimed in Claim 6, wherein the decrypted 
private key is used by: 

computing a hash of a document to manifest the user's 
approval of the document; 

encrypting the hash using the user's private key; and 
transmitting the encrypted hash. 

9. A method as claimed in Claim 5, wherein the decrypted 
private key is used by: 

computing a hash of a document to manifest the user's 
approval of the document; 

encrypting the hash using the user's private key; and 
transmitting the encrypted hash. 

10. A method as claimed in Claim y, wherein the decrypted 
private key is used by: 

computing a hash of a document to manifest the user's 
approval of the document; 

encrypting the hash using the user's private key; and 
transmitting the encrypted hash. 

11. A system for administering private keys for a plurality of users, 
comprising computer readable storage means 
characterized in that there is stored therein respective IDs 
and encrypted private keys for the respective users which 
private keys have been encrypted using respective keys 
determined from respective user identifying information. 



12. The system of Claim 11, wherein the user identifying 
information comprises a passphrase or biometric information. 

13. A system as claimed in Claim 11, characterized in that 
there is further stored in the storage means respective 
public keys corresponding to the private keys for the 
respective users. 



14. A system as claimed in Claim 12, characterized in that 
there is further stored in the storage means respective 
public keys corresponding to the private keys for the 
respective users. 




15. A system as claimed in Claim 11, further comprising a 
server for accessing the storage means, characterized in 
that the server is configured for reading from the storage 
means an encrypted private key and corresponding public key 
associated with an ID corresponding to a particular user, 
for transmitting the encrypted private key to the particular 
user, and for decrypting data received from the user using 
the public key. 



16. A system as claimed in Claim 12, further comprising a 
server for accessing the storage means, characterized in 
that the server is configured for reading from the storage 
means an encrypted private key and corresponding public key 
associated with an ID corresponding to a particular user, 
for transmitting the encrypted private key to the particular 
user, and for decrypting data received from the user using 
the public key. 



17. A system as claimed in Claim 15, characterized in that 
the server is further configured for computing a hash of a 
document and comparing the computed hash with the decrypted 
data. 

18. A system as claimed in Claim 16, characterized in that 
the server is further configured for computing a hash of a 
document and comparing the computed hash with the decrypted 



19. A system as claimed in Claim 16, further comprising at 
least one user terminal interconnected via a network to the 
server, characterized in that the user terminal is 
configured for transmitting to the server via the network an 
ID entered by the user, and for receiving and decrypting an 
encrypted private key received via the network from the 
server using a user identifying key determined from a 
passphrase entered by the user or biometric information 
obtained by measuring the user. 

20. A system as claimed in Claim 18, further comprising at 
least one user terminal interconnected via a network to the 
server, characterized in that the user terminal is 
configured for transmitting to the server via the network an 
ID entered by the user, and for receiving and decrypting an 
encrypted private key received via the network from the 
server using a user identifying key determined from a 
passphrase entered by the user or biometric information 
obtained by measuring the user. 
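
The flow of Claims 1, 5 and 7, with the server-side verification of Claim 3, sketched in Python as an added example that is not code from the patent. The Mersenne-prime RSA key, the SHAKE-256 keystream standing in for a real cipher, the PBKDF2 parameters, the user "alice" and all function names are assumptions made here for illustration.

```python
import hashlib, hmac, os
# Constructed toy RSA key from two public Mersenne primes: illustration only, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # modulus and the user's private exponent
KEY_BYTES = (N.bit_length() + 7) // 8

def _keys(passphrase: str, salt: bytes):
    """User identifying key: PBKDF2 over the passphrase, split into cipher and MAC keys."""
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream standing in for a real cipher (the stdlib ships none).
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_private_key(d: int, passphrase: str) -> dict:
    """Enrollment: encrypt the private key; only this record is stored under the ID."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _xor_stream(enc_key, nonce, d.to_bytes(KEY_BYTES, "big"))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag, "public": (N, E)}

def unwrap_private_key(rec: dict, passphrase: str) -> int:
    """User equipment: re-derive the key from the passphrase and decrypt in memory only."""
    enc_key, mac_key = _keys(passphrase, rec["salt"])
    expect = hmac.new(mac_key, rec["nonce"] + rec["ct"], "sha256").digest()
    if not hmac.compare_digest(expect, rec["tag"]):
        raise ValueError("wrong passphrase or tampered record")
    return int.from_bytes(_xor_stream(enc_key, rec["nonce"], rec["ct"]), "big")

def doc_hash(doc: bytes) -> int:
    return int.from_bytes(hashlib.sha256(doc).digest(), "big")

def sign(doc: bytes, d: int) -> int:
    """'Encrypting the hash using the private key': textbook RSA, no padding."""
    return pow(doc_hash(doc), d, N)

def server_verify(doc: bytes, signature: int, public: tuple) -> bool:
    """Server: decrypt the signature with the public key, compare to its own hash."""
    return pow(signature, public[1], public[0]) == doc_hash(doc)

STORE = {"alice": wrap_private_key(D, "correct horse battery staple")}  # constructed user

def demo(user_id: str, passphrase: str, doc: bytes) -> bool:
    rec = STORE[user_id]              # server receives the ID, returns the stored record
    sig = sign(doc, unwrap_private_key(rec, passphrase))  # key is never written to disk
    return server_verify(doc, sig, rec["public"])
```

Because the server returns the encrypted key to whoever presents the ID, the passphrase-derived key is the only barrier to offline guessing, so the derivation cost and passphrase strength carry the security of the scheme.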



